rsync through multiple ssh hops with password authentication prompt
Matt McCutchen
hashproduct at verizon.net
Wed Oct 19 22:34:13 GMT 2005
On Wed, 2005-10-19 at 22:22 +0100, Manuel López-Ibáñez wrote:
> Thanks very much. However, for several reasons, I cannot apply that
> "trick" in my case. Apart from those reasons, there is no X server on
> middle or target at all. [...] And what should I put in $DISPLAY?
Graphical programs find the appropriate X server on which to show their
windows via the $DISPLAY variable. When you log into X, $DISPLAY is
automatically set to a code for your display, often :0.0, in the
environment of all programs started via X. Conveniently enough, X
programs communicate with X servers through sockets and ports, and SSH
already has code to forward ports. When SSH does "X forwarding", it
sets up a virtual display of sorts on the remote machine and points the
remote $DISPLAY to this display. When you run a remote graphical
program, it reads $DISPLAY and connects to the corresponding port; SSH
is watching this port and redirects the program to the real X server
port on your machine.
In short, you can just tell SSH to do X forwarding and remote graphical
programs will show their windows on "source". You need not set $DISPLAY
yourself, nor do you need an X server on any machine but "source".
> Moreover, which password-prompting program
> should I use? middle is an OpenBSD machine.
SSH usually comes with one of these programs, and it is called
"ssh-askpass" or similar. My system has a "gnome-ssh-askpass" and even
sets $SSH_ASKPASS automatically to this program. Failing that, a little
program called Zenity can be scripted to pop up simple dialog boxes; you
might be able to find a BSD version and use "zenity --entry" as your
$SSH_ASKPASS command.
> Finally, I am not sure if your first paragraph means that this is
> impossible and it won't be implemented in rsync.
I guess an option /could/ be added to rsync to have it send some data
across the network before it begins its protocol, but rsync's job isn't
to handle SSH authentication; it expects to be provided with a working
transport of some kind so that it can synchronize files. Rsync is not
the only tool that sometimes makes SSH connections without a terminal at
which the user can input the password, which is why there are alternate
techniques like this one, public key authentication, and ssh-agent.
--
Matt McCutchen, ``hashproduct''
hashproduct at verizon.net -- http://mysite.verizon.net/hashproduct/
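
An added example, not part of the original message: a POSIX shell preflight for the setup described above, to be run on "middle" inside the forwarded session. The helper names, the host name `middle` and the askpass path are placeholders; the rule that ssh uses $SSH_ASKPASS only when it has no terminal and $DISPLAY is set is the one documented in ssh(1).

```shell
#!/bin/sh
# Added example; helper names, host names and paths are illustrative.

# has_ctty: succeeds if this process has a controlling terminal,
# i.e. ssh could open /dev/tty and prompt there.
has_ctty() { ( : </dev/tty ) 2>/dev/null; }

# password_source DISPLAY ASKPASS HAS_TTY(yes|no)
# Prints where ssh's password prompt would appear; returns 1 if nowhere.
password_source() {
    ps_display=$1 ps_askpass=$2 ps_tty=$3
    if [ "$ps_tty" = yes ]; then
        echo terminal; return 0
    fi
    if [ -z "$ps_display" ]; then
        echo "none: DISPLAY unset (X forwarding not active)"; return 1
    fi
    if [ -z "$ps_askpass" ]; then
        echo "none: SSH_ASKPASS unset"; return 1
    fi
    if [ ! -x "$ps_askpass" ]; then
        echo "none: $ps_askpass is not executable"; return 1
    fi
    echo askpass
}

# rsh_via_middle HOST ASKPASS_PATH
# Builds the remote-shell string for rsync -e: the outer ssh forwards X to
# HOST, the inner ssh (started without a terminal) pops up the dialog.
# rsync splits this string on whitespace, so neither value may contain spaces.
rsh_via_middle() { printf 'ssh -X %s env SSH_ASKPASS=%s ssh\n' "$1" "$2"; }

# On "source" (placeholder path and hosts):
#   rsync -av -e "$(rsh_via_middle middle /path/to/ssh-askpass)" dir/ target:dir/

# Report for the environment this script is running in.
if has_ctty; then cur_tty=yes; else cur_tty=no; fi
password_source "${DISPLAY:-}" "${SSH_ASKPASS:-}" "$cur_tty" || true
```

A `none:` verdict on middle means the inner ssh would have no way to prompt; public key authentication or ssh-agent, as mentioned in the message, avoid the prompt altogether.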